Caution, malicious e-mail!

Never divulge your password by email! Only log in on absolutely reliable websites! In case of doubt ask your IT-support first!

At least 95% of all incoming email from outside the ETH is either spam, contains viruses or tries to get your login information (phishing = password fishing).

On peak days our filter identifies up to 3.5 million of these unsolicited emails. While spam is usually harmless and is rejected in large quantities by the spam filter and viruses are usually removed by the virus scanner of our server or of your computer, we need you to take care of phishing mail!

Unfortunately, there are still some people responding to phishing attacks. Those email accounts are then used to distribute spam. As a consequence of this, our mail servers could be blacklisted and mails from ETH may not be accepted any more. This means a lot of work for us and of course, we’d have to lock your mailbox!

Today’s phishing messages are getting more and more subtle. It’s hard to identify them using a spam filter because they are designed for a specific service of a specific organisation. For you as email recipient, follow a simple rule to find out whether an email is a phishing mail or not:

No serious service provider will ever ask you for your username and your password! Even if an email looks legitimate and even if it claims that your mailbox will be locked: It certainly wasn’t sent by us!

It is quite a bit harder to identify phishing mail tempting you to log in on a website in order to get your login-information. Treat these mails with suspicion! Is it an ETH website (ethz.ch)? Check the URL (web address) carefully! Does the page have a valid certificate? If in doubt, ask your local IT-support office or the IT Services Helpdesk (27777).